Photos and as im painting turner, im thinking about what that might be like in his mind. For more, go to booktv. Org. Next a hearing on preventing Identity Theft by reducing the federal governments use of secretary of state numbers. This 90minute hearing was hosted by two house ways and means subcommittees. Good afternoon and welcome to todays hearing on the federal governments use of Social Security numbers. U unfortunately sam johnson was unable to be here today. I know everyone here joins me in wishing chairman johnson a speedy recovery. I would like to welcome chairman hurd of the oversight and government reform committees, i. T. Subcommittee and all of the i. T. Subcommittee members for joining us in the ways and Means Committee hearing room today. Back in 1936 when Social Security began issuing Social Security numbers, they were only used to track earnings and administer the Social Security program. Back then, it wasnt much thought about keeping your number a secret. But today, Social Security numbers are the key to the kingdom for identity thieves. Social security and Identity Security experts make a point of telling american, how important it is to protect their numbers. Social security numbers are valuable targets for Identity Theft because of their regular use by both federal government and private sector as a unique identifier, especially by the financial industry. Time and again were reminded to protect our Social Security cards in order to avoid Identity Theft and to be careful with what documents we throw away in the trash. Our Social Security numbers are connected to so many personal aspects of our lives from our Social Security benefits and finances to our medical histories and our education. But in recent years, privacy concerns have become more and more critical. When i was in law school back in the dark ages, our grades used to be posted on the wall to keep secret whose grades they were by Social Security. Unfortunately, they were posted alphabetically. So it wasnt hard to figure out whos was whose. One of my friends in law school was ziegler. He was the smartest guy in class and blew the curve but its his Social Security number was always the one at the bottom of the list. And i probably could recite you mr. Zieglers Social Security number. While colleges and universities have since changed their ways, the federal government has yet to fully catch up. Just over ten years ago, the office of management and budget issued a memorandum for the safeguarding of personally identifying information, including the Social Security number. The memo called for federal departments and agencies to reduce or replace the use of Social Security numbers across the federal government. Unfortunately, while some progress has been made in reducing the use of Social Security numbers, ten years later, theres still much work to be done. This hearing is about making sure that Social Security numbers are only used when necessary and that the federal government is doing what it can and what it should to make sure that when Social Security numbers are used and collected they are kept safe. The office of Personnel Management hack in 2015 is an example of what happens when the federal government collects Social Security numbers but does not keep them safe and this negligence comes with a cost to both the affected individuals and to the taxpayers. The American People rightly deserve and expect that the federal government protect their Social Security numbers and only uses them when necessary. I thank all of our witnesses for being here. I look forward to hearing from you about how your agencies are working to tackle this challenge and what more needs to be done. I now recognize mr. Larson for his opening statement. Thank you, mr. Chairman and we join with you in certainly wishing our dear friend and colleague sam johnson a speedy recovery. And would like to add how fortunate we are on the ways and Means Committee to have two iconic american heroes serving on the same committee. When you think about sam johnson and his service to this country and all that he endured on behalf of this nation, nearly beaten to death by the vietcong and you think about john lewis and being nearly beaten to death in his own country. We have these two iconic legends. Im so proud to serve with sam and i was happy that he asked me to present this with him,hr 1315 to remove Social Security numbers from mailed notices. And mr. Johnson, as i think everybody on the committee knows is such an incredible gentleman. We have also taken every opportunity in the subcommittee to renew a request, a, that i hope that the committee will travel to plano, texas and we have an opportunity to have a meeting there in plano, texas to honor mr. Johnson and this committee and this topic area he is so vitally concerned about. I also want to recognize chairman hurd who is with us and the lead democrat, robin kelly, for being here in our meeting room as well. Since 2014 hundreds of millions of americans have lost their personally identified information including their Social Security numbers to largescale cyberattacks. The number was originally created in 1936 for the purpose of running the nations new Social Security system. However its usefulness as a unique governmental identifier has made it near ubiquitous in the government and private sector. To date, Social Security administration has not suffered any largescale data breach but ongoing vigilance is needed. For updading the i. T. Structure. Altogether, Social Security administration has been able to remove the ninedigit ssn from about onethird of the mailings it sends out. Moving forward they have committed to removing them from the remaining notices wherever they revise a notice which requires computer upgrades. The severe constraints on the Social SecurityAdministration Budget are preventing the agency from moving numbers from all notices right away as they estimated it would cost 14 million to do so immediately rather than piecemeal. More alarmingly since 2010 the number of beneficiaries have grown 13 but Social Securitys operating budget has fallen by more than 10 in that same period. The Social SecurityAdministration Simply cannot serve more and more people with less and less money each year. Social Security Administration is already struggling to serve its beneficiaries at the level they deserve. My constituents are experiencing multiyear wait times on disability appeals and hearings. Their gophone calls are going unanswered and face delays in correcting errors in their benefits and payments. The president s fiscal 2018 budget released today also attacks Social Security benefits for those with disabilities as much as 70 billion over ten years. I would like to submit for the record the 13 times that trump promised not to cut Social Security, medicare and medicaid. President trump has promised repeatedly and explicitly throughout the campaign not to cut Social Security or medicare. This broken promise should be especially alarming to millions of people who voted for the president who spent their working lives paying premiums into the system believing those benefits would be there for them in retirement and or should they become disabled. Bottom line is this, Social Security is the nations insurance program. It is not an entitlement. It is the insurance that individuals have paid for throughout a lifetime. The problems with Social Security at its core, this issue that were taking up today especially as it relates to theft is violently important to protect peachs identity but equally important and the responsibility of this committee is the actuary soundness. Ask any private sector Insurance Company if they could have a 99 loss ratio . They would die for that. And theres no product on the open market where you can produce old age and survivors benefits, disability and a pension plan and survivors benefits. That is the uniqueness of Social Security. That is why is it americas Insurance Plan that our citizens have paid for. This is not an entitlement and well continue to make that point and i hope later this year mr. Chairman and mr. Johnson has been very gracious about saying that well get an opportunity to have hearings on our bills that will look at expanding and making solvent well into the next century, Social Security for all of its american citizens. Its the nations insurance program. Thank you. I now recognize mr. Hurd for his opening statement. Thank you, chairman. Two years plus i have been in congress i learned one thing and that is americans expect the federal government to protect their personal information. Sadly as evidenceddy the data breach at opm this is not the case. The American People deserve better from the government. If stolen, Social Security numbers can be used to perpetuate Identity Theft or worse wlchlt they are looking to steal money or threat the National Security of our nation. The Oversight Committee held a hearing on the irs data breach where they stole income information from Financial Aid applications and used that to file fraudulent tax returns with the irs. All of the agencies appearing before us today retain a wealth of information about americans, particularly Social Security numbers. We must reduce the unnecessary use of Social Security numbers on printed forms and electronically in transition and at rest. In. Tomorrow, the house has considering the Social Security numbers Fraud Prevention act of 2017 which prohibits agencies sending Social Security numbers by mail unless absolutely necessary. The Social Security administration has records on everybody living and dead. Its a treasure trove of information that must be protected. Veterans administration has held records on 8 million veterans and their families. I can imagine few other records as intimate as a health record. The v. A. Uses Social Security numbers as a patient identifier. Protecting the numbers is critically important for all americans but given that Social Security numbers are exchanged with the most at risk members of society we must take utmost precaution to prevent the unnecessary risk of exposures for these populations. Agencies reduce their use of Social Security numbers in order to mitigate the risk of Identity Theft. As agencies undertake this precipitation that he rethink how they use, collect and store Social Security numbers and all pieces of personal information they collect. Im proud to be here with my colleagues from the Oversight Committee taken ways and Means Committees in this important joint hearing to examine what is working and what we can do better. Today i hope to learn more about what efforts the federal government is taking to reduce the collection, use and storage of Social Security numbers. Thank you for being here today and i look forward to hearing from our witnesses. I know recognize ms. Kelly for her opening statement. Thank you for holding this important hearing. Originally created to track the earnings of individuals and determine eligibility for Social Security benefits the Social Security number has become the principle number to verify an individuals identity. But the proliferation of their use poses channels to Data Security and identity threat protection. In 2007 when the office of management and budget recognized reducing the use of the number could reduce identity thread, omb directed agencies to reduce their use of Social Security numbers by examining where their collection was unnecessary and creating plans and such collection within 18 months. Now on the tenyear anniversary of the guidance we have a chance to look at the things that have stymied the efforts. The Social Security administration no longer prints Social Security numbers on statements, cost of living notices or benefit checks the centers for medicaid and Medicare Services is removing the numbers from all Medicare Cards by 2019. The department of Veterans Affairs has ceased printing Social Security numbers on prescription bottles and kroe correspondence and working on finding a new way to identify people. These steps are Real Progress but barriers that still exist to full uimplementation, up with o those is a lack of strong approach from omb itself. Gao found that the 2007 memorandum did not define unnecessary use or outline time line or performance goals. As a result many agencies were vague and subject to varied interpretation of the years. And they did making it difficult to determine if they were reducing collection and use. Omb must strengthen its monitoring of compliance. Federal efforts to reduce Social Security numbers use has faced other challenges. Agencies are legally required to collect Social Security numbers for Identity Verification in a number of programs and Social Security numbers remain the standard for Identity Verification across government programs. Opm worked to create an alternate identifier in 2008 and again in twae2015. But a lack of funding prevented these empties from going forward. Significant reductions in Social Security numbers use seems unlikely. Outdated i. T. Systems cause agencies to struggle to attain their goals. Agencies dont have the funds to start anew. The subcommittee has spoken about the need to update the i. T. Infrastructure and we must put our money where our mouth is. Im concerned that cuts proposed by the Trump Administration will take us in the opposite direction. I hope my colleagues will keep this and the need to protect americans from Identity Theft in mind. I look forward to hearing from our Witnesses Today and yield back the balance of my time. Thank you. Thank you. As is customary, any member is welcome to commit a statement for the hearing record. Before we move on to testimony today i want to remind our witnesses to please limit their oral statements to five minutes. However, without objection, all of the written testimony will be made part of the hearing record. We have five Witnesses Today. Seated at the table are gregory wilshusen, from the Government Accountability office. Mary office of requirement and disability policy. David devries, office of Personnel Management and karen jackson, deputy chief operating office, centers for medicare and Medicaid Services and finally john oswalt executive director of Privacy Department of Veterans Affairs. Welcome to you all and thank you for being here. Pursuant to the committee on oversight and government reform rules, all witnesses will be sworn in before they testify. Please rise and raise your right hand. Do you solemnly swear or affirm that the testimony you are about to give will be the truth, the whole truth and nothing but the trut truth so help youed god . Please be seated. Mr. Wilshusen thanks for being here. Please proceed. If i butchered your name im sorry. You did perfect. Chairman and Ranking Members and members of the subcommittee thank you for inviting me to testify on executive branch effort on reducing the unnecessary use of Social Security numbers. My statement is based on the draft reports of federal effo s efforts after we receive agency comments. Before i begin, if i may, i would like to recognize several members of my team who are instrumental in developing my statement. With me are the people who led the work and in addition, andrew begs, four others made significant contributions. Beginning in 2007, opm, omb and the Social Security administration took several actions looking at reducing the unnecessary collection, use and display of Social Security numbers on a governmentwide basis. These actions have had limited success. Opm issued guidance to agencies and used throughout the federal government. It also promulgated a draft regulation to limit federal collection, use, and display of Social Security numbers but withdrew the proposed rule because no alternate federal employee identifier was available that would provide the same utility. In 2007, omb required agencies to establish plans for eliminated the unnecessary collection and use of Social Security numbers. Omb began requiring agency reporting on reduction efforts on the reporting process. In 2007, the Social Security administration developed an online clearinghouse on agencies best practices for minimizing the use and display of Social Security numbers. However this clearinghouse is no longer available. At the individual agency level each of the 24 cfo agencies reported taking a variety of steps to reduce the display of Social Security numbers including developing and using alternate identifiers, masking, truncating or blocking the display of the numbers on printed forms, kroens and printer screens. However Agency Officials noted that Social Security numbers cannot be completely eliminated from federal i. T. Systems and records in part because no other identifier offers the same agree of universal awareness and apublicibilty. They identified three other challenges, first several statutes and regulations require collection and use of Social Security numbers. Second interactions with other federal agencies and external agencies require the use of the number and a third challenge pertained to technological hurdles that can slow the replacement of the numbers in the systems. Reduction in numbers of the executive branch have been lacking direction from omb many Agency Reduction plans did not include time frames or performance indicators. Calling into question the plans utility. In addition, omb has not required agencies to maintain up to date inventories of Social Security number collections and not established criteria for when the number use or display is unnecessary. Leading to inconsistent determinations and definitions across the agencies. Omb has also not ensured that all agencies have submitted up to date progress reports and not established performance metrics to monitor efforts. In our draft report we are making five recommendations to omb to address the shortcomings. Until omb and agencies adopt better and more consistent practices the reduction empties will likely remain limited and difficult to measure and the risk of Social Security numbers being exposed and used to commit Identity Theft will remain greater than need be. Chairman rice, chairman hurd, Ranking Members larson and kelly this concludes my statement. Id be happy to answer your questions. Thank you, sir. Welcome and thanks for being here. Please proceed. Members of the subcommittees, thank you for inviting me to discuss the history of the Social Security number and how the Social Security administration uses it to administer the programs. Im marrian that lacanfora. There is a rich history surrounding the Social Security number. Those responsible for implementing the new Social Security program understood that crediting earnings to the correct individual would be critical to the programs success. Names alone would not ensure accurate reporting. Accordingly, in 1936 we designed the nine digit ssn and ssn card to allow employers to accurately report earnings. Today, over 80 years since the Program Inception we have given the ssn continues to be essential to how we maintain records. Without it we could not carry out our mission. But they were never intended nor do they serve as identification. We strongly encourage other agencies and the public to minimize their use. We provide electronic verifications of ssns to our federal and state partners to prevent improper payments in 2016 we performed 2 billion automated ssn verifications. The use has increased dramatically by other entities over time. A 1943 executive order required federal agencies to use the ssn. Advances in Data Processing in the 1960 further increased the use of the number. Congress enacted legislation requiring the number for a variety of federal programs, use of the ssn grew not just in the federal government but throughout state and local governments to banks, credit bureaus, hospitals, exceptional institutions and other parts of the private sector. As use of the ssn has become more purr vasive so has the opportunity for misuse. In 2001, we removed the full ssn from two of our largest mailings, the Social Security stau statement and the Social Security cost of living adjustment notice. They account for a third of the 352 million notices that we send out each year. In 2007, omb issued a memo requiring agents so review their use of the ssn. We recognize that although we need the ssn to administer our programs we can and did refine our personnel processes to reduce reliance on the number. But we recognize we need do more. Twothirds of our notices have the Social Security number. Our notice infrastructure is complex. About 60 applications generate notices and every notice is created to respond to a individuals unique circumstances. Nevertheless we are committed to replace the ssn with a bnc as we modify existing notices or create new ones, the bnc is a 13 character alpha new merrick code to help us to respond to inquiries quickly. We developed the bnc for use in the cost of living adjustment notice. Next year we will replace the ssn with the bnc on benefit verification letters as well as post entitlement notices. Together these mailings account for 42 million annual notices. We take great care to protect the integrity of the ssn and the personal information of the public we serve. Thank you for the opportunity to provide information and id be happy to answer any questions. Thank you. Chairman rice, chairman hurd, Ranking Member larsing, kelly and members of the subcommittee thank you for the opportunity to appear before you to represent the office of Personnel Management. In 1962, the Civil ServiceCommission Adopted the ssn to identify federal employees. Over time, the ssn became universal to every piece of paper or its digital form in an official personnel file. It became a defactor personnel identifier. It was used to record training, request Health Benefits and many other purposes. In 2007, opm issued guidance to develop consistent and safe use of federal employees ssn to minimize Identity Theft and fraud in two ways. One by reducing the ssn as an identifier and strengthening the protection of personal information. Examples of the measures rerecommended was eliminating the display of the ssn and restricting it to a need to know and they were notified of their responsibility to safeguard that. We included privacy and confidentiality statements and we came up with how to you mask it or take the numbers a up of the form itself. Internal to opm we examined our policies and in 2012 issued an addendum to our policy. The updated policy identifies acceptable uses of the ssn and describes how it will be documented and presented alternatives for ssn. This policy addendum notes that the only acceptable use are provided for by law, executive order, require interoperability with organizations outside of opm or required by to achieve agency mission. Is it the single identifier that is consistent across the security investigation process and may be necessary to complete an individuals Background Investigation but its it is now protected in transit and in storage. Opm has taken efforts to reduce the use of the ssn. It modified the jobs and staffing system so neither collects the number from applicants and we undertook an effort to understand which i. T. Systems used the ssn. The initial inventory was completed in september of 2016 and we are using it to validate the progress made and identify other opportunities. In addition we are updating the internal 2012 policy this year. It is difficult to completely eliminate the federal use of ssns without a governmentwide coordinated effort and federal funding. It links information among agencies. In the fall of 2016, omb and opm proposed the Program Unique identifier initiative to reduce the use of ssns. The puid initiative sought to facilitate the exchange by providing an attive numbering scheme. An initial proof of concept showed potential. Members of the skmooe thank you for having me here today for reducing the use of ssn and for your support in this safeguarding the is of paramount importance to opm. I would be happy to address any questions you may have. Thank you. Mrs. Jackson, thank you for being here. You can proceed. Chairman rice and hurd, Ranking Members larson, kelly, and members of tsubcommittees. Thank you for recognizing the work. Including our ongoing work to eliminate use of the Social Security number on Medicare Cards. This effort is an important step in protecting beneficiaries from becoming victims of Identity Theft one of the Fastest Growing crimes in the country. As we all know, Identity Theft can disrupt lives, damage Credit Ratings and result in inaccuracies in medical records. Thanks to congressional leadership and in particular chairman johnson and members of the ways and Means Committee and based on the recommendations of our colleagues in the Government Accountability office cms will eliminate the number on Medicare Cards by april 2019 as part of the medicare chip reauthorization act. We very much appreciate congress providing us with the resources necessary to undertake this important project. Beginning in april of 2018 all newly enrolled Medicare Beneficiaries will receive a new identifier known as the mbi. At the same time, cms will begin distributing new cards to our beneficiaries. The number will have the same number of characters as the current 11digit Health Insurance claim number but will be different and distinguishable. With the introduction of the mbi, cms will be able to issue a new number to a beneficiary in instances where they are a victim of Identity Theft or their medicare number has been compromised in some way. Transitioning to the mbi will help beneficiaries to better safeguard their personal information by reducing the exposure of their Social Security numbers. Cms has removed the Social Security number from the medicare summary notices that are mailed on a quarterly basis. We prohibited private Medicare Part d Prescription Drug plans from using Social Security numbers on their prescription cards. Many people wonder why use the Social Security number in the first place. When medicare was established in 1965, the Social Security administration administered the program. While cms is now responsibility, the Social SecurityAdministration Still enrolls beneficiaries and both cms and the Social Security administration rely on interrelated systems to coordinate eligibility for medicare benefits and Social Security benefits. Currently, Health Care Providers use the hiccan when they submit claims for payment for Health Care Services and also for supplies. And cms and its contractors use the hiccan to process claims. We are in the process of making changes to over 75 of our affected systems to replace those systems indicators with the mbi over the hiccan and will develop the software to generate the mbis and assign them to beneficiaries. We are working with our partners the department of defense, department of Veterans Affairs, Health Care Providers and other key stake holders. There are a lot of them to ensure that beneficiaries continue to receive services and our partners will be able to process using the new mbi. Were use an Outreach Program for the estimated 60 billion beneficiaries who will be receiving new cards as well as to providers, healthcare plans, clearinghouses and other stakeholders. This fall, well tell Medicare Beneficiaries theyll be receiving a new card, instruct them on when theyll be receiving it, and what do with their old cards. Were also working to make sure that providers and other physicians and other Healthcare Providers are prepared to serve patients throughout the transition by creating information for providers both for them to update their records with the new mbi and also for them to help remind beneficiaries that they need to bring their new cards with them when they see their doctors. We know from other successful largescale implementations that it helps to allow time for all stakeholders to adjust to the changes and so beginning in april of 2018 when we begin to mail out the cards, cms will have a 21month long transition period during which our systems will accept transactions both containing the mbi and also the hiccan. Throughout our programs, we are committed to safeguarding personal information, redesigning the Medicare Card to remove the Social Security numberbased id fire is a very important step for cms to helping to combat Identity Theft and further protect our beneficiaries. Thank you very much for your interest in our progress today and i look forward to answering your questions. Thank you ms. Jackson. Mr. Oswalt, thank you for being here purchase you can proceed. Good afternoon chairman rice, hurd, Ranking Member rice and kelly and distinguished members of the subcommittee. Thank you for this opportunity to be participate in this joint hearing on the use of Social Security number and the steps that va is taking to reduce, eliminate Social Security numbers from va systems. Vas mission is to serve with dignity and com occupation americans veterans and their family. This mission is contingent upon accurate and timely information being readily available. If we are to advocate for veterans ensure they receive the medical care, benefits, social support and lasting memorials they have rightfully earned, they must coordinate and fied phi this information entrusted to us. The department interfaces with some other federal agencies including but not limited to the department of defense, Social Security administration, the Internal Revenue service, and the department of education. Vas primary uses of ssns are three foltd. One, locate veterans and depend entsz to ensure correct identification in association with the dhifrry of healthcare and services. Identify employees for employment Record Keeping and three ensure 100 accuracy in paper identification. Mistaken identity in the deliver riff healthcare can result in tragic outcomes. Until such time when a comprehensive and accurate means do is is established and implemented the use of ssns remains the best way to identify patients. They must be used as required by law and regulation for purposes such as Background Investigations, income verification, and the matching of computer records between government agencies. Elimination of the ssn use is not solely a fings of Information Technology i. T. , the business processes used by the Veterans Health administration, vha and vba, and va offices, i a complete overhaul in how they establish absolute Identity Verification inside va and equally important outside va. I. T. Solutions to eliminate ssn use can only occur after our integrated and com prohenszsive review of ssns use and interconnectiveness is complete. Va recognizes the growing threat posed by Identity Theft and the impact on veterans, dependents and employees. In 2009, va complete and implemented the enterprise wide Social Security reduction effort Social Security number reduction effort. The goal of an ssnr is gather and catalogue ssn use lead together reduction and or elimination of the ssn as the primary id fire all while maintaining the 100 requirement for proper veteran patient identification. For example, vha has eliminated the full ssn use on appointment letters, routine core pond answer and identification card. Va pharmacy has eliminated the ssn from prescription bottles and mailing labels. As a whole, va has removed ssns from several forms where such use was deemed not necessary. Vba is modifying and existing contract to replace ssns with barcode labels on all outgoing correspondence. Completion of that effort is expected in november of this year. As va migrates away from ssn use, the office of Information Technology is collaborating with stakeholders to continue expanding the use of the master veter veteran index, a regular strif vet reasons rare beneficiaries and other eligible persons. Mvi serves as the aauthoritative identity source within va and generates and assigns an integrated control number or icn for each veteran. The use of mvi as a unique id fire continues to expand with the ultimate goal being the replacement of the ssn as a primary id fire. There are many challenges facing va regarding the elimination of the unnecessary collection and use of the ssn. This i concludes an enterprise wide system val analysis that needs to be conducted to find and identify the large volume of Interface Systems that va needs for Clinical Care and administrative functions. Undertake a Robust Training Program for employees to identify a unique id fire. This has begun but it will take time to implement fully. And acceptance by the veteran community. A change of this magnitude across the entire va system will, i substantial outreach and education. Va has made considerable progress towards eliminating the unnecessary use of ssns and continues to reduce the ugs of ssns with the goal to replace it with an alternative primary id fire. This concludes my testimony and i am prepared to answer any questions you or other members of the subcommittee may have. Thank you. Thank you, mr. Oswalt. We now turn to questions. S is saz customary for each round of questions i will limit my time to five minutes and i will ask my colleagues to also limit their questioning time to five minutes as well. Mr. Oswalt, i want ton start with you. You were just speaking of the hurdles that the va has to cross to eliminate the Social Security number and how critical it is that we make sure that we identify each patient, their lives are in the balance, right, and make sure they get the right medications and so forth. So you were saying that as a replacement for the Social Security number you had started implementing an icn. What you didnt tell us is how long its going to take to get that done what would be your best estimate for when you can get that done . Well, the mvi, which is the registry of all certain types of id fires has been in place in var incarnations since 1999. So you dont use Social Security numbers anymore . Excuse me, sir. You dont use Social Security numbers anymore . We do use Social Security but its use use as a primary id fire is still in the va processes. The icn is generated by all of the information that it collects. And using that icn as a means to identify a veteran as their information traverse a system or machine talking to machine, that has happened to a large extent already. Its primarily the ssn use is when theres a human to human interface between a clinician and a patient. Do you still have their associate security numbers on their little wristbands . Yes, sir, we do. There is an effort under way, i believe on a pilot level right now we are seeking to eliminate the full ssn with the goal of being a complete elimination and theres also a barcode that has have you any kind of a timetable for that . Id have to take that and provide that for the record because im not aware of the projects status on that. Thank you, mr. Oswalt. Ms. Jackson your testimony was very interesting and exciting to me. You said by 2018 you will eliminate Social Security number from the Medicare Card, youre moving at looikt speed for the federal government. Thank you for your efforts. Mr. De veez you said something was interesting to me. You have stopped collecting Social Security numbers for applicants for employment at the federal government . Correct, sir. When an applicant is going to enter into or wants to come into the federal government and they go to the usa jobsite, we no longer collect the Social Security number from them at that time, correct. When do you collect their Social Security number . We dont collect it. Once we match up the job applicants against the job posting through what we call usa staffing and the agency takes that referral list and the list of applicants and they narrow it down and make the final selection, when they bring that person on to make them an employee offer, thats what the agency thats hiring them collects that from them then. I know they would use their Social Security number tax withholdings and such. What else would they use their Social Security number for when they were looking to hire somebody . So its mostly that, its your status of employment and then the benefits that come with doctor it, whether it be the pay and the reporting back to the irs and the Social Security side of the house is do you do criminal background checks on any agency of the government. Once you become an employee and if your position requires that then when you submit in for the Background Investigation then that would also be the primary use. And then similar to what we do with the va, once that gets into the Background Investigation system, then theres a Different Number that becomes the control number for it. And since this massive hacktion that occurred several years ago i assume youve implemented a lot more protections to prerent that from happening again . Yes, sir. This is lock in four, gosh, amazing statistics. Did i hear you correctly that i verified two two billion requests per year . Is that right. 2 billion verifications, yes. Wow. So that would be like six for every single living person in the country. Yes. Its worth noting that more than half of those are federal and state agencies that are verifying numbers with us, and that can happen multiple times throughout a year if theyre processing for example an application for benefits. Great. Omb has required agencies to eliminate the unnecessary use of Social Security numbers but they never defined what necessary use is. How do each of your agencies defineness use . Ill start with you, mr. Wils houston sen. Actually i dont know how my agency has defined social or unnecessary use. What we did in terms our audit of the other agencies is determine to what extent that they have identified how they use. And what we found out that 24 cfo act agencies is that a number of them, like four i believe, did not even define what unnecessary use is. And another eight didnt really is a documented or did not have a formal definition but rather compared it to based on the judgment of the individuals who are making the particular assessments on service you are and i thank you for being here today. And just a couple of questions. First, its going to be incredibly hard to operate an agency that is the largest insurer in the nation. And to do so with the 99 loss ratio, the envy of any private sector Insurance Company, cue do cue does to you. One of which were exploring here today in terms of making sure we get after frud and abuse anda as weve said many times on the committee, anyone who abuses this system, a sacred trust, ought to get the ultimate penalty. Im all for strengthening anything that we can do to further crack down on this. But weve heard in your testimony today is a couple of things that strike me. Number one, you know we have a 13 increase with the baby boomers coming through this system and yet youve had a 10 overall cut in your budget. One has to ask, how are you able to manage with these increases and the complexity of the problems that you face including hacking . Now, listen, im one of those people that won also concur that, hey, listen, you dont always cuts in service if theyre replaced by technology that is current can overcome those things. But it seems to me like youre also saddleb that i. T. That needs to be update and emproved and there arent the resources that we funnel you to do that. Is that a Fair Assessment . Have you cited some of our challenges. I will mention we are embark opening a very ambitious i. T. Modernization plan. We know we cant continue to operate the way were operating. When you say youre imbashing on it do you have the money for it and where are we going . It seems like a lot of problems and dhaernz were confronted with especially in the area of veterans, et cetera, and i noticed the wristband concerns that were brought newspaper terms of identification, that if we have the resources, and certainly we have the technological capability, why wouldnt we protect what is the governments leading program to protect and assist its citizens . Could you do you need more money . I think our budget folks are coming up to brief your staff on the 18 bug by will say that the 18 budget attempts to Balance Service and stewardship as well as improve the efficiency. The i. Tmt modernization plan that i mentioned is something that were looking forward to advancing and were considering that to be an agency priority. So we are going to dedicate the funding to support that. Part of that will help us to modernize our Communications Infrastructure and remove the ssn from the remaining notices. Whats very alarming to us and i know that my colleagues on the other side of the aisle share this as well, is that we know how vital this program is to all of our citizens. We know and everyone can attest to the long waits on disability in terms of processing claims. It seems in a country as gift adds we are with i. T. This ought to be something we ought to be able to solve rather easily. So its further frustrating when we continue to see cuts in the budget and quite alarming today when we have the president s budget is revealed with about a 70 billion cut in Social Security. Which, to me, is unconscionable especially given the previous statements about preserving and saving if not expanding these benefits to keep pace to where they should be from where they would be in 1983 when we actually last looked at this from a business, sound position. I believe that we can close a lot of these gaps with appropriate technology and assistance from the rank and file who i would also note according to testimony in previous hearings that frontline members in Social Security offices are our best line of defense against fraud and abuse and waste. And they dont get enough credit and continuing to cut the budget instead of looking at investments in both i. T. And where we can be more efficient and successful i think is where we need to go. Thank you. And just to clarify, the president s not talking about benefits, hes talking about cutting administrative costs. Mr. Schweikert. Thank you, mr. Chairman. Forgive me. Who would be the most technical of all of you . All right. I need you to work through something with me and correct me if im not hearing something correctly. I have a bnc, i have a puid, i have an mbi, i have an icn. Are these all on a common registry that a dare vation table that you tag in technology and you pull back and tag . No, sir. In that case, forgive me, and look, ive only been reading the testimony and the things here, but what i see is absurd technology wisewise. Without a common central token system, and forgive me, but if you use apple pay here, apple pay does not hold your credit card number. What it does is it creates a onetime use token, the token hands off matches, is hand back and the number reflects back. You all have i. T. Budgets, youre trying to solve a problem, but in many ways if i need to you walk me through its my fear that the problem may have just gotten worse because i have the va now with one set of numbers, i have medicare with a different set of numbers, i have opm with a different set, Social Security with another blind id fires. Have we just made the problem much worse . At least for the Customer Service aspect . Sir, if i could, let me address that. What you just heard here was exactly the case. We took the one common field, its called ninedigit Social Security number that grew up for decades, was in every form that we filled out and then we said we cant show that and cut the use of that where its not publicly used. I understand the need to blind it. We create a scheme for each of these things pirt i i came from several years inside dod so when i become a dod member i become a veteran at the end of that thing, i get a Different Number. Now im a civil servant, i get a Different Number yet and so how do we unite that thing. Thats where we need the unioccasion at the top to help drive the standardization of these things and how do you link them back. Because at the end of the day i still need to tie the different benefits that come at it from the various Employment Opportunities and medical does everyone see what im observing is we may be actually in our attempt to blind these numbers creating another cascade effect thats going to create a whole new level of complication and thats whenmy veteran happens to also be working on his medicare who also is dealing with a Social Security dispute that maybe wanting to back to work for the federal government at the park service and now i have a handful of Different Numbers. Just the top of my head and im on the edge of my technical expertise, i could come to you right now and whether it be in a distributive ledger model or some sort of common token zais where i ha zation, where i hand this off and you get a match. It wouldnt stop you doing what we were doing but wed have to build a common clearinghouse data system that would reflect all the numbers and hand back the onetime use token. But that may be a unifying solution to solve actual u actually a number of our problems which is i can actually take all the way to Social Security earned income tax credit, fraud, a whole number of other things that could help on. Am i way out of my league here from your area of expertise . Am i seeing a unifying problem here . You are correct, sir. In my opening remarks i talked about the Program Unique id fire, and the concept there was to keep the Social Security number as the gold place. You protect that, you surround it, but you dont bring it out. And then you have programs and so each of these could be a unique program and they would have structures to their numbering schemes and they own the numbering skrooemz schemes just like we talked about today her but it gets associated back to it and thats whaez what gets shared out. If his Medicare Card gets confis indicatesed or lost we cut them a new one it doesnt start the whole process. It would be easier if every time someone used a medicare benefit they had a chip card but the fact is you and i could design the same thing where i type in this time the unique number it hands off. It may be worth a conversation for those who are interested in this type of technology maybe as the committee here we need to sort of its going to take some resources, but theres got to be a unified theory we could get to tho make this simpler. I yield back mr. Chairman. Thank you. Ms. Kelly. Thank you, mr. Chair. Social security numbers have become used as the principal method of Identity Verification in and across agencies, however, the very fact makes them lucrative targets for identity thieves. Mr. Wills hue sen. Wills hue sen, you received that ssns are particularly risky because they can quote a persons pii across many indicta testimonys and databases. You can explain how the widespread use of Social Security numbers inkreetss the risk of Identity Theft . Certainly. One of reasons is that its available and if its not properly secured in our work on Information Security at federal agencies when we looked at the examination or examined the security controls over the agencys information, we have often found that the security controls are not effective to the extent to where they can adequately protect the confidentiality, i teg gritty and availability of the nfs and systems at those agencies. So by having stores of Social Security number in a particular agency and if its not adequately protected, then that information can be used not only for that agency but can be used as an id fire for that individual at other agencies and, indeed, in the private sector as well. And so just last year, in fiscal year 2016, agencies reported about 8,300 incident involving pii to the u. S. Kert for fiscal year 2016. How cot use of such an id fire reduce the risk of Identity Theft . For one it may limit the extent to which an alternative i. D. May be used to identify that individual with other databases at other entities. So its an opportunity to limit the extent that that id fire can be used across various organizations. And you talked about in your testimony no such identifier was available. You can expound on that . Well, thats one thats not universally as accepted and applicable as the Social Security number. We did report that in certain inassistances that certain organizations, including like dod and va or vha where theyve started to use an alternate identifier other than Social Security numbers to provide for their members and that required one. Okay. And despite opms failure to implement an alternate in 2008, the agency proezed a Program Unique identifier initiative in 2015 to provide an alternative way for identifying records in government systems. Is that correct and you can elaborate on that mr. De rye . Maam, i can get the last port of your question there. I asked about the proposed unique identifier information to provide an alternate way for in government systems. Yes. If you define a program as being a functional area of interest, so like say cms, dod and other ones there must be things that are attributed back to the individual. When i was born a got a Social Security number, i started a workforce and along the way i accrued these different benefits with you each gets logtd in a different way. When what we talked about before that says heres the Program Owner for this nuck scheme and they standardize the numbering then you can reuse those things and just as he poirchtsed out we would not if you lose your Medicare Card, you lose the connectivity of what this represented in the medicare business but not across the whole Financial Institutions and the other ones. The challenge is how i do work that thing not only at the federal level at the agencies here, but then down to the agencies that report in to us and also to the state and local government. Because everything is coated no these various programs, the Social Security administration talked about the number of systems she has, they keep on exploding when you go down to the state and local government side too. And all those have to be linked together at some point in time. But i think question take it one phase at a time. I worked for the state of illinois and it was the same issue there and i wondered do states change it on their own one by one or how does that work . Do they decide to make changes . Because i think before i left they made some changes because they had Social Security numbers on everything. I know im out. Ill let my esteemed colleagues talk here, but within the department of defense when we moved from moving away from Social Security numbers on all of our i. D. Cards and so forth, that did not happen overnight. It came with putting out a standard, coming up with a scheme as we talked about and then forcing it. Thank you, ms. Quelly. Mr. Mitchell. Thank you, mr. Chair. Mr. Wills houstonen, let me start with you one of the thipgsz i havent seen referenced is the use of Social Security numbers and the hacking that goes out with the irs. It probably wont surprise to you know that i among other americans have had their Social Security number hacked for irs purposes. The solution to that is well issue awe pin number. So you get a pin number mailed so you so you can file your taxes . Do you know what happened this year on that . I understand that those pin numbers were also compromised to some extent. They were. So i didnt get a pin number. I can only begin to describe to the entertainment of trying to file my taxes as well as i dont know how many other americans when, in fact, they dont have pin numbers that work either and they cant file electronic or any other way with their Social Security number. The point i the reason i raise it is the point that mr. Schweikerts raised rather than independent agencies creating their own identifiers, a pin number, all the acronym iz dont know if anybodys watching this or will watch it most of their eyes will glaze over with cac crow nims. Just create an identifier, atoning stm and im shocked at this point there hasnt been substantial conversation as to why we dont set a centralized process so someone can trigger that and create a token for not only benefits but when they pay their taxes. Why is that nota a more effort at this point in time rather than individual efforts . I think thats definitely a possibility in everything, but think you also touch upon the fact that these numbers, regardless of their prov trens dense, if you will, need to be adequately protected by agencies in their information systems. And we have found traditionally that there are that the security controls overagency systems need to be improved. Youve got the user using their number and the Agency Securing it and those are two separate dilemmas and a problem but we seem to be making one harder by issuing all kinds of different identifiers which, in the case of the irs that was compromised as well. So whats to prevent being compromised this additional effort we made and rather than have an encrypted token based system that allows do you that . And thats technologys existed in the private sector for a fair amount of time. I would encourage the agencies to begin actively and we should talk about it further mr. Chair about how it is reencourage doing something thats integrated that secures it to eye toning system thats encrypted at least protects data on the useder end. If i can real quick, i was look foug your testimony and listening to you, returned a little late from the floor to hear everyone, a apologize. Theres some notations that troubled me a bit. Va is currently eval waiting the elimination of Social Security numbers from correspondence. Im trying to find a polite way to word my response on that. Its nice that theyre evaluating that. How longs it take va to evaluate that . Well, sir, since we ban the ssn reduction effort, number of correspondence and forms generally have been scrubbed. There f theres a compelling business need for it, we would it would remain. We have an ssn number review board that reviews things from a departmentwide standpoint. I cant attest right now, i can submit it for the record what forms and correspondence still is at. But as i said in my oral testimony i only have a couple minutes. Let me ask for the record tlau do submit the number of forms, correspondence, what their purpose is and justification is for the record because i dont understand why it is in correspondence were sending out this and we still put the Social Security number on it and if we put the social surety number we put the whole Social Security number. Question number two, you made a comment with the b the Social Security still being on the wristbands. Now my guess is everybody in the room has been to the hospital and you get a wristband. I havent seen a Social Security on a wristband in a medical institution in close to a decade, maybe seven years. Why in the world would you still put it on when theyre hospitalized . Well, there is a barcoded ssn that allows the clinician to talk to a machine to the barcode. So thats used as a form of patient identification and verification. As i think i mentioned in my oral testimony, theres a pilot at a number of va sites where were using the last four. Eventually the well move away from the full human readable ssn and the integration control number, the icn will replace that. Thank you, mr. Chair. Yield back. Thank you, sir. Thank you, mr. Mitchell. Mr. Pascrell. Thank you, mr. Chairman. Thank you for having this hearing. Ms. Jackson, i sat on the ways and means health subcommittee. Weapon had extensive conversations with Social Security agency about the process for removing Social Security numbers from Medicare Cards. Hearing again about this process is enough to make your head spin. At the time, we had these this dialogue, it was quite clear that Social Security, quote unquote, did not have the fund doing this. Thats what you said to us. Now can you explain how what seems like a Pretty Simple task of removing the Social Security numbers from Medicare Cards could be such a challenge that cmss to the system that you use in terms of Information Technology . Tell me whats going on. Thank you very much for the opportunity to speak to that. We have at cms been looking into the removal of the Social Security number from the Medicare Card for a number of years. But it was not until Congress Gave us the resources to be able to implement the system changes both in our internal systems and also in the Data Exchanges and the updates that we must do with the Social Security administration with the Railroad Retirement board who also use a hiccan based identification card updating information in our internal systems, as well as informing providers and Healthcare Providers and Medicare Beneficiaries about their need to using new card when they both provide care on the Healthcare Provider side and for billing purposes, and also when a beneficiary goes to receive care from their doctor or from their hospital. To move forward with implementation of the Medicare Beneficiary idaho identifier, we have made system changes over the past couple of years. We hit a major milestone this past weekend in assigning new Medicare Beneficiary eye debt fires to all Medicare Beneficiaries which now will allow to us begin the Testing Process with all of our systems and our Data Exchange partners to then be able to mail the card and begin the transition period. We expect to have this completely implemented by april of 2019 with the beginning of mailing of cards in april of 2018. The transition period for us is very important so that all stakeholders are able to receive the new mbi, submit bills and claims using the new mbi, and to assure that healthcare is Still Available and provided to Medicare Beneficiaries. In the new identifiers will be the same number as the past . No. The new identifier, its an 11digit code but it is an alpha knew mayor rake code that is randomly assigned was randomly assigned when we did the enumer operation over the weekend does not look anything like the current Health Insurance claim number. So weve done it with some resources and youve proved it could be done and the system will be complete in 19 in 2019 . Thats correct. Am i correct in saying that . Yes. We will thats thats pretty big. And youre standing by that . I am standing by that. We actually will be ready to receive the mbi on claims submissioned by april of 2018. Thank you. In your testimony, where are you . Here you are . Am i pronouncing that correctly, sir . Yes, sir. You stated that it was difficult to completely eliminate the federal use of Social Security numbers without a governmentwide coordinated effort and dedicated, you said, dedicated funding. Thats what you said, right . Yes, sir. Okay. You can explain how opm would use additional funding to try to achieve the goal of limiting the federal governments use of Social Security numbers . In the case of opm where we exchange the important data between a retiree, a federal retire rhee with the Social Security and the irs for the tax purposes there where are that underlying thing would still be coated and still be exchanging through the Social Security number. But again the communication that goes out to the federal Retiree Benefit say Different Number there. We do do that today for Retirement Services where you get a different control number when you become a federal retiree and thats how all ks is tracked back to you. Mr. Chairman in terms of the money. Im sorry. To change the systems, it is were operating systems today and just as cms probably kmernsed you need the infusion of money do coding and other changes and testing as you prepare this parallel highway, if you will, of how were doing it there. Thank you. Mr. Chairman, may i just add this into the record. I heard from one of our members, and i need to correct the record, said that the president s budget does not cut Social Security benefits but it does. In the budget, it cuts Social Security disability by up to 64 billion. I think the record needs to be corrected and maybe the congressman who said it needs to be corrected. Thank you, sir. Mr. Hurd. Youre welcome. Thank you. Thank you, chairman. Mr. Oswalt, i was confused by an earlier exchange. Do we know how many documents within the va have the Social Security number printed on it . We know what we know right now. Its an ongoing, expanding effort. Theres a Social Security number. I get that. Reduction pool. So correct me if im wrong, theres a bunch of forms that the va sends out, we should know how many of those are, one of the Data Elements on that form is Social Security. Why does it take years to go through each form and delete that data element or not slow it on the underlying form . Sir, id have to submit for the record the history of why its taken so long, but there are a number of instances where its in the works ms. Jackson, how many forms does your organization have that prints Social Security number on it . With the implementation of the Medicare Beneficiary identifier, we wont have any forms that will issue the Social Security number. Over the past couple of years we so youre saying 2019 is when this is were going to be successful in achieving that. Why, again, we currently right now there is x number of forms that produce when theyre printed out pro on that form it includes the Social Security number, correct . No, sir, im sorry, i should have been clearer. Our correspondence with Medicare Beneficiaries we have truncated the Social Security number on all of that correspondence with the exception of one document, which is our medicare Premium Billing form. That still does include the Health Insurance claim number. I am not im sorry, i cant remember if it is truncated. That will be the document that will be replaced with the mbi when we implement. Ms. Locken foreign, how many forms does your organization produce that has the current Social Security number on opinion. Currently we send out 213 now forms each year that still have the Social Security number on . Is that many unique or five different kinds of correspondence. Theres over a thousand separate types of notice zblds so we have a thousand documents and one of those elements when it gets printed out is Social Security number. Why you cannot just delete that from the when you run a batch . So we have deleted the number or removed the number and replace today with the beneficiary notice code on over 100 million notices we have another 42 million that were doing in fiscal year 18. The challenge we have is two told. One is that there are 60 different systems that produce notices. Those 1,000 plus noticed. So the resources needed to make the changes are significant. Beyond that, the other significant issue or challenge that we have is that the Social Security was Social Security number was create dodd business with our agency. And so when we mail out a notice to someone and they, for example, are being told that they have an overpayment, they mate miets pick up the phone and call s and weve got to be able to quickly identify who they are and what their issues are. Alstonia has done this, alstonia has moved to a system where its a toke ren zaigs. Now, he theyre 1. 3 Million People which is the size of my hometown in san antonio, little bit different, but theyve achieved the ability to have this interoperable number across all of their government agencies. Weve talked about token zation here. Tultly this is a shared service and how do we immeant a shared service at opm when it comes to an identifier across all the federal government sfl thats a great question. Im not sure the exact answer because what youre talking about is through the token and the bit chain Type Technology and so forth. Thats one that i think we need to work with industry closer on and bring that to the federal government side of the house because its not the same thing as it is on the industry side of the house. Im desperately trying to reach out there for it. Were still stymied about how you bring that technology in and infuse it in High Pressure system its our application systems its not our hardware systems its the applications that are riding in and changing those. In the last 30 seconds oftime my time you referenced i. T. From being a barrier if the who do we need to do to prevent that from being a barrier . Thats one of the problems with legacy system, they may not be able to handle newer numbers and in order to be able to do that it requires significant system change or modification. I yield back, chairman. Thank you, sir. Mr. Lynch. Thank you, mr. Chairman and thank the witnesses for your help with the committees work. Mr. Vies back in i think was july, opm disclosed that its Information Technology systems had experienced a massive data breach com bro mizing the Social Security numbers, names, addresses, background information, birth dates, and the Background Investigation records for about 22 Million People who had applied for sensitive positions with the fbi, cia, nsa, and we had a hearing subsequent to that breach and i actually asked your predecessor, i asked her if she was even taking the most rudimentary steps to protect the Social Security numbers. We even are we even encrypting them within the system at opm. And im very sad to hear her testify that, no, at that time in twist we were not encrypting and i urged them do that. Then a year later we had a followup hearing with ms. Colonel better, i think she had some operational responsibility there. I asked her the same question a year later if that job was complete. She testified that, no, it was not complete and so we come full cycle here and youre here and ive got to ask you, now, ms. Kul better said our system did not allow encryption of Social Security numbers. And i just want you to tell me something good. Tell me that weve encrypted these Social Security numbers. You know, it would be laughable if it wasnt so serious. I read an article last sunday in the New York Times where a bunch of our sources in china are being killed off either killed or imprisoned. U. S. Sources. Foreign intelligence sources. And, you know, i got to think that, well, that hack was attributed to the chinese government, i know the hack actually came after, at least we found out about it after many of these people were executed in china for cooperating with the United States government, they were shot as spies or imprisoned as spies. But you see especially with Sensitive Information like this for secure positions where were really exposing our personnel, our intelligence officers, and anyone who cooperates with them to grave, mortal threat. And so weve really weve really got to step up our game here. Let me go back to my question. Are we encrypting these Social Security numbers. Io, we are. I have all the databases that contained the Social Security nukes and other pis to have encrypted with the exception of one database that resides in the mainframe which is now sitting behind other security controls and detection systems and that is scheduled for completion, which is little bit more of a challenge because its on the mainframe, to be completed this calendar year. Okay. So we had this hack about ten days ago, this ransomware attack, it was basically not stealing our information but preventing people from ute li utilizing that. Most of the impact was overseas. They tell me that was because many of the much of that software as Bootleg Software that Microsoft Windows well they bought a bootleg so that the fixes and all that were not available for those people. But do you feel that will we have major vulnerability from that type of that type of hack as far as our our user population goes . Sir, i would say, yes, and i think thats the lowest common denominator that weve all got to take steps to keep on educating both the families at home as well as the workforce itself. Within opm there was no choice, their systems are patched. Thats thats a call that the director supds and i make it as the cio and i think thats the right approach to take, just as you would in any kind of corporation there. Okay. All right. Mr. Chairman, thank you for your courtesy, i yield back the balance of my time. Thank you, sir. Mr. Mrs. Sanchez. Thank you mr. Chairman and i wablt to thank the witnesses for being here today. Identity theft affects over 12 million americans per year and it costs the victims just over 350 on average, thats on average you hear cases of it taking people years and a lot more money to get it straightened out. And ive been one of those people that have unfortunately been the victim of Identity Theft. Social security nukes a Social Security numbers and other information like dates of birth, hackers steal that information from breaches of the office of Personnel Management, from Health Insurance companies, from the United StatesPostal Service and even retailers like target. And while im encouraged that the office of budget when they pushed the memo calling for agencies to reduce collected and retained information and strengthen the security of Sensitive Information, these recent hacks show that opm and other agencies are still fundamentally very ill prepared and Many AmericanSensitive Information is still very vulnerable to attack. And thats why, you know, reducing the collection and retention of Social Security numbers is so important. Its troubling see that after ten years Government AccountabilityOffice Reports show that only two of 24 agencies examined met the requirements for complete plan to reduce unnecessary use usage of Social Security numbers and its even more troubling that the office has provided very little guidance to agencies to help with the transition. In addition to exacerbate matters, the president s Budget Proposal guts Agency Personnel and operating budget further limiting their capacity to protect information and to improve their systems. So whether its a lack ever fund organize lack of guidance, ten years after the issuance of the memo we should be in a better position to safeguard americas personal information. And i know i recognize that there are clear barriers that agencies face in reducing the collection of Social Security numbers, for example, state mandate the collection of that information. I just wanted to note before i devil into questions that i think its interesting that today were discussing the progress of agencies to reduce the collection of Social Security numbers when tomorrow this same committee will be marking up a bill to add a new requirement on an agency to collect and verify Social Security numbers. So on the one hand were saying, dont collect them and dont collect them sur pur lousily and then on the other hand were demanding the collection of that information and i think its both ironic and hip critical of us on this day as to be doing both things. But aside from that comment, mr. Devies in the gaos report they recommend using an identifier but withdrew that regulation because the identifier wasnt available. What are the barriers to creating a new identifier for federal employees or agencies to use in their administration of benefits. Representative sanchez thank you for that question if the and, again, i think the complexity or the barriers to overcome here are the size and complexity of the government, just as the witnesses here at the table represent a few of the agencies, every agency really has a collection thing that kind of ties back to an individual and the benefits that get tied to it, will it be their pay or the benefits from medical and so forth. How do you then create that architecture and again going back to what chairman hurd talked about, you have to have that architecture in hand before you talk about the token use or other bit chain type stuff, how do you promulgate that down. My cloeg to my left talked about how they roll out the new medicaid number there its not done overnight its a process. And cuts and fund rg how does that affect the ability do to protect sensitivity information effectively . So its theres in every agency theres probably just enough dollars to make that go. What im going to try and do Something Else i have to have that go alongside what im currently operating and bring in something new, and i must turn off what i just got rid of. Would you say that right now youre operating with a very best equipment that money can buy . No maam. Would you say that the equipment that you have to work with on a scale of one to ten in terms of modern and efficient, where would it lie on that scale . Maam, id say from over our over our architecture and operating perspective id say it would be about a. 3 or. 4. So further budget cuts not necessarily helpful to remembering fying that. No. Thank you. No more questions. Thank you, ms. Sanchez. The federal government needs 10 to sure it is doing all it request to protect americans identities and that Social Security numbers are not being used unnecessarily. While progress has been made based on what weve heard today theres still a long way to go. Thank you to our witnesses for their testimonys, thank you also to our members for being here. With that, the subcommittee stands adjourned. Treasury secretary steve ma mnuchin testifies thursday on president trumps proposed 2018 Treasury Department budget and tax reform plan. Were live with the Senate Finance committee starting at 10 00 a. M. Eastern here on cspan 3 put can also follow it live on cspan. Org or on the free cspan radio app. Thursday, a head of the memorial day weekend members of Congress Host of the first annual mem kwal day wreathling care moan. Tim murphy of pennsylvania and Steve Russell of the oklahoma host the event approximately well have live coverage at 7 35 eastern on y span 2. Cspans washington journal live every day with news and policy issues that impact you. Coming up thursday morning, Washington State democrat congressman denny heck will discuss the latest in possible russian interference in u. S. Elections and Florida Republican congressman will be with s us to talk about president trumps meeting this week with european officials an members of nato and g7 countries. Be sure to watch washington journal live 7 00 eastern wednesday morning. Join the discussion. It resulted in a naval victory for the u. S. Over japan just 60 months after the attack on pearl harbor and on june 2nd American History tv will be live all day from the mcarthur Visitors Center in nor foal being virginia. Walter boornman, nim mitts, haulz hallsy, leahy and king, Elliot Carlson with his book, the odd did i sis. Code breaker who outwitnessedya ra moto. The untold story of the bat of midway, and timothy overor coauthor of never call me a hero a legendary dive bomber pilot remembers the battle of midway. Watch the Anniversary Special live from the center in Norfolk Virginia on june 2nd on American History tv on cspan 3. Next nsa director and head of u. S. Cyber command admiral Michael Rogers tefd testifies on his agencies